Osiris[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Osiris.dll
Size

1.4MB
MD5

867ce4c1c762bec122674c8874eb7fc3
SHA1

a98531a2c2c3e924da579aa4e5cddde1d0978b6c
SHA256

f459416f91305ef8ff6bbbfa1a7f017a1da3c0efa4a892468818eb867aa020d0
SHA512

9b2187f159dacd1e3550fff5a42f5d1ec46ae8f55fd6e37a5c11ad595e24a10c2e1335a5a246eca429986617360cef6d79efc76f380efd705d7e291491cc911a
SSDEEP

24576:hGdvPYqSgcCCMgEfTHhsYbqKTVKlP1n3UMhKOkpwXjHA1rK8e9nL37m53Bxd:xq73TTbqhlniKgY8e9ng3Bx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Osiris.dll

Files

Osiris.dll
.dll windows x86

12f9017f7f8e235223d21864526d7aa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree

ntdll

RtlUnwind
NtAllocateVirtualMemory
NtProtectVirtualMemory

user32

ShowWindow
CallWindowProcW
FindWindowW
SetWindowLongW
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
FlashWindowEx
GetClientRect
GetDC
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetCursorPos

kernel32

GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
GetCurrentProcess
VirtualFree
VirtualQuery
CloseHandle
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FreeLibraryAndExitThread
CreateThread
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsValidCodePage
InitializeSListHead
TerminateProcess
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetLastError
MoveFileExW
GetFileInformationByHandleEx
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
ReadFile
GetACP
GetOEMCP
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
SetEndOfFile
WriteConsoleW
GetSystemTimeAsFileTime
LoadLibraryExW
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

gdi32

SelectObject
GetFontData
EnumFontFamiliesExW
DeleteObject
DeleteDC
CreateFontW
CreateFontA
CreateCompatibleDC

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12f9017f7f8e235223d21864526d7aa6

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

ntdll

user32

kernel32

imm32

gdi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 175KB - Virtual size: 175KB

.data Size: 5KB - Virtual size: 44KB

_RDATA Size: 10KB - Virtual size: 9KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 175KB - Virtual size: 175KB

.data
Size: 5KB - Virtual size: 44KB

_RDATA
Size: 10KB - Virtual size: 9KB

.reloc
Size: 35KB - Virtual size: 34KB